| عنوان | https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass |
|---|
| الوصف | The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms.You can easily forge a valid Token and create any posts or comments with it.
Details can be found in https://github.com/mao888/bluebell-plus/issues/35. |
|---|
| المصدر | ⚠️ https://github.com/mao888/bluebell-plus/issues/35 |
|---|
| المستخدم | Tritium (UID 50779) |
|---|
| ارسال | 25/06/2025 11:37 AM (10 أشهر منذ) |
|---|
| الاعتدال | 05/07/2025 02:45 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 314993 [mao888 bluebell-plus حتى 2.3.0 JWT Token jwt.go mySecret توثيق ضعيف] |
|---|
| النقاط | 18 |
|---|